Local user gains root privileges via buffer overflow in rdist, via expstr() function.
7.8CVSS
7.4AI Score
0.001EPSS
8.4CVSS
8.1AI Score
0.001EPSS
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
8.4CVSS
7.3AI Score
0.001EPSS
8.4CVSS
7.9AI Score
0.0004EPSS
7.3CVSS
7.2AI Score
0.001EPSS
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.
7.4AI Score
0.0004EPSS
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
7AI Score
0.007EPSS
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
7.3AI Score
0.009EPSS
SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.
6.4AI Score
0.013EPSS
Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
7.3AI Score
0.0004EPSS
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
7.3AI Score
0.0004EPSS
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
6.8AI Score
0.0004EPSS
nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP port, which allows remote attackers to view files and cause a possible denial of service by mounting the nsd virtual file system.
7AI Score
0.051EPSS
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.
7AI Score
0.0004EPSS
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
7.3AI Score
0.031EPSS
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
7.1AI Score
0.087EPSS
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
6.4AI Score
0.003EPSS
IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.
6.7AI Score
0.0004EPSS
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
8AI Score
0.015EPSS
Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as (1) gmemusage and (2) gr_osview.
7.2AI Score
0.0004EPSS
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.
7.2AI Score
0.0004EPSS
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
7.3AI Score
0.0004EPSS
Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.
7.2AI Score
0.0004EPSS
The truncate function in IRIX 6.x does not properly check for privileges when the file is in the xfs file system, which allows local users to delete the contents of arbitrary files.
6.8AI Score
0.008EPSS
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
6.5AI Score
0.0004EPSS
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
7.7AI Score
0.005EPSS
The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system.
6.7AI Score
0.003EPSS
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.
6.6AI Score
0.029EPSS
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.
7.1AI Score
0.011EPSS
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modi...
6.7AI Score
0.021EPSS
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
7.7AI Score
0.019EPSS
Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.
9.8CVSS
10AI Score
0.004EPSS
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.
9.8CVSS
10AI Score
0.011EPSS
Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.
7.7AI Score
0.016EPSS
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.
7.3AI Score
0.0004EPSS
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
7.4AI Score
0.009EPSS
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
7.2AI Score
0.009EPSS
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
7.4AI Score
0.972EPSS
Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.
8AI Score
0.006EPSS
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
7.7AI Score
0.965EPSS
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.
7AI Score
0.0004EPSS
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message.
8.3AI Score
0.028EPSS
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
8.1AI Score
0.048EPSS
Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.
7AI Score
0.013EPSS
rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths.
6.8AI Score
0.002EPSS
Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.
6.5AI Score
0.0004EPSS
Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, when running with the -R option, allows local and remote attackers to cause a core dump.
7AI Score
0.009EPSS
Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.
6.2AI Score
0.0004EPSS
/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).
6.4AI Score
0.001EPSS
Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.
6.9AI Score
0.0004EPSS